Data collection and government eavesdropping on innocent American citizens were scary enough when uncovered during Barack Obama’s presidency in 2013. But these tools have become profoundly more terrifying now that they’re at the disposal of Donald Trump, with his Russian hacker minions and a vast army of hassle-happy Twitter trolls.
Activists and protesters are now on notice that they need to use more secure technology and an abundance
of caution when organizing or communicating online. Even your social media wisecrack about Trump could make you a target for doxxing and personal harassment from Trump’s legions of furious followers.
Consider the story of Lauren Batchelder. The young woman from New Hampshire asked Trump a question at a No Labels political forum during the Republican primaries. She concluded her question to Trump saying, “I don’t think you’re a friend to women.”
The next morning, Trump tweeted, “The arrogant young woman who questioned me in such a nasty fashion at No Labels yesterday was a Jeb staffer!” (She was not a Bush staffer.)
Trump’s supporters quickly posted Batchelder’s phone number and personal information online, and her Facebook inbox was jammed with threats of rape, violence, and extreme vulgarities that cannot be reprinted.
Batchelder was 18 years old at the time.
You don’t have to be an activist or political organizer (or even be of legal drinking age) to be concerned that the Trump administration or its supporters will stalk you online. And some of the most effective ways to keep your online communications safe and secure are pretty simple.
The hacks of the Democratic National Committee were carried out via crude methods that would have been very easy for the victims to prevent. Many of the top DNC officials clicked on a “phishing” email, one that looked like an official email from the Google Gmail Team but was not. The email instructed the victims to click on a Change Password link. But when they entered a new password, they were handing that password to Russian hackers and giving them access to all of their email content.
The moral of that story is that if you receive a Change Password email that appears to be from Gmail or your email provider, make sure the sender’s email address really is a Google.com address or an address associated with that provider. Otherwise, it is likely a malicious hack attempt.
One of the best resources for learning to protect your online communications is Violet Blue’s 2014 book The Smart Girl’s Guide to Privacy. Despite the title, the book is relevant for both men and women who want to strengthen their cybersecurity and online privacy, particularly in the age of Trump.
One of the most basic — and revealing — exercises this book takes you through is what Blue calls an “Online Privacy Self-Test.” This consists of Googling your own name, phone number, address, Social Security number, and doing a Google Reverse Image search on yourself.
These little bits of information are incredibly useful to hackers, stalkers, and government surveillance operatives. If you’re an activist or organizer, these bits of information can be used to compromise you. You don’t want this information readily available online. The book walks you through the tedious but necessary steps to get your personal information removed from the internet.
If you attend or organize protests, you are strongly advised to lock your phone with a passcode. There is always a chance you could be arrested at a protest, no matter how peaceful your behavior. If your phone is not locked with a passcode, law enforcement can access all of your contacts, text messages, and mobile browsing history while you are detained.
These are common privacy best practices for anyone who wants to avoid being hacked, use credit cards online, or send and receive the occasional nude selfie. But if you’re an activist or operating in a capacity where you fear being targeted by the Trump administration or its acolytes, there are some high-level strategies you can use to keep your whereabouts, communications, and web-surfing habits from falling into the wrong hands.
The Electronic Frontier Fund has a Surveillance Self-Defense page (at ssd.eff.org) that provides an incredibly valuable clearinghouse of how-tos that explain how to encrypt or delete sensitive data, strip location tags from pictures of video you’ve taken at a protest, and how to encrypt your online communications.
Encrypting your most vulnerable and easily hacked online data is much easier than it sounds. Thanks to a free, open-source web browser extension called HTTPS Everywhere, anyone can add an extra layer of security to websites that are more vulnerable to snooping or hacking.
If you’re not familiar with internet initialisms, you may have noticed that website URLs often begin with the letters HTTP (HyperText Transfer Protocol). More secure sites, like Gmail and Facebook, have URLs that begin with HTTPS (HyperText Transfer Protocol Secure). That extra S notes that the website scrambles messages so that snoopers or hackers cannot read the data. HTTPS adds that extra layer of scrambling or security to sites that do not automatically have that security.
HTTPS Everywhere was designed in a collaboration between the EFF and an internet privacy nonprofit called the Tor Project. The Tor Project is perhaps best known for its Tor Browser, an anonymous web browser that hides your identity when you’re surfing the web. It’s available as a free download at TorProject.org.
“The Tor Browser is based on Mozilla’s Firefox browser,” Eva Galperin, a global policy analyst for EFF, tells SF Weekly. “It makes sure that when you are going to a website that all of your traffic goes through the Tor network. As a result, the website that you’re going to does not get your IP address.”
Your IP address is a numerical identifier assigned to your computer or connected device. Like a street address for electronic devices, an IP address describes exactly which web device is visiting a site. Snoops can use an IP address to identify who is visiting which web pages, but they can’t if you’re using the Tor Browser.
“It anonymizes you in the sense that it removes the link between your IP address and your visit to a website,” Galperin explains.
The EFF’s Surveillance Self-Defense page also has links to tools for online encryption, or making your emails unreadable to anyone except you or the people with whom you intend to communicate.
“You may use any number of encryption schemes to send encrypted email, including PGP, which we have a lengthy explanation for and walk-through on exactly how one goes about doing it,” Galperin says.
PGP sounds like a super-technical name, but it’s not. PGP stands for Pretty Good Privacy, and it was invented specifically for activists. PGP is now owned by the online security firm Symantec, but there is a free version available for personal and noncommercial uses as well as open source versions if you don’t trust Symantec. PGP has been around since the 1990s, and no intelligence organization has been able to crack it in that time.
With the right technology, your emails can be encrypted and your web-browsing footprints can be adequately hidden. But some forms of electronic communication do not come with safeguards and should be avoided for sensitive communications — most notably text messages, also known as SMS (Short Message Service).
“Plain SMS messages are sent unencrypted and are very easy for your ISP (Internet Service Provider) or for governments and law enforcement or for individuals with the right equipment to to intercept,” Galperin says. “I would not recommend sending SMS messages with anything that is particularly private or confidential.”
We’ve never seen an administration as hostile toward freedom of speech and the right to assemble as that of Trump. Surveillance tools that were ostensibly developed to prevent terrorist attacks may be used against innocent citizens who are merely mobilizing against an unpopular president.
But these surveillance tools do have flaws, and workarounds exist to avoid their watchful eye. As important as
it may feel to organize and speak out against this president, it is an equally important prerequisite that you read the EFF’s Surveillance Self-Defense, The Smart Girl’s Guide to Privacy, or some trusted resource on staying a step ahead of the snoops.
Joe Kukura is an SF Weekly news writer.